How to Conduct a Climate Risk Assessment

What a Climate Risk Assessment Covers

A climate risk assessment identifies, evaluates, and prioritizes the physical and transition risks that climate change poses to your organization. It's a core requirement under TCFD, ISSB (IFRS S2), CSRD (ESRS E1), and increasingly under SEC and state-level regulations.

Physical risks arise from the changing climate itself — extreme weather events, rising temperatures, water stress. Transition risks arise from the shift to a low-carbon economy — policy changes, technology disruption, market shifts, reputational pressures. A credible assessment covers both.

Step 1: Define Scope and Objectives

Clarify the assessment's parameters:

• Organizational scope: Which entities, facilities, and operations are included? Include material supply chain nodes if feasible.
• Geographic scope: Identify all physical locations — offices, factories, warehouses, data centers, key supplier sites.
• Value chain scope: Assess risks to upstream suppliers and downstream customers where you have significant dependencies.
• Time horizons: Short-term (1-3 years), medium-term (3-10 years), long-term (10-30+ years). TCFD and ISSB expect all three.
• Audience: Who will use the results? Board, investors, risk management, operations?

Step 2: Catalog Physical Risk Exposures

For each location, identify relevant physical climate hazards:

Acute Risks (event-driven)

• Tropical cyclones and hurricanes
• Riverine and coastal flooding
• Wildfire
• Extreme heat events
• Severe storms (hail, tornadoes, ice storms)
• Drought

Chronic Risks (long-term shifts)

• Sea level rise
• Mean temperature increase
• Shifting precipitation patterns
• Water stress and scarcity
• Permafrost thaw
• Ocean acidification (for marine-dependent operations)

Data sources for hazard identification:

• NOAA Climate Explorer and National Climate Assessment
• World Bank Climate Change Knowledge Portal
• IPCC Interactive Atlas
• Swiss Re CatNet and Munich Re NatCatSERVICE
• First Street Foundation (US flood, fire, heat risk)
• WRI Aqueduct (water stress)

Map each facility against these hazards using geographic coordinates. Commercial climate analytics platforms (Moody's, MSCI Climate Lab, S&P Climanomics, Jupiter Intelligence) can automate this step.

Step 3: Catalog Transition Risk Exposures

Identify how the shift to a low-carbon economy affects your business:

Policy and Legal

• Carbon pricing (existing and projected emissions trading schemes, carbon taxes)
• Sector-specific regulations (efficiency standards, methane rules, technology phase-outs)
• Disclosure mandates (CSRD, SEC, California SB 253)
• Litigation risk (climate liability lawsuits, shareholder derivative actions)

Technology

• Cost declines in renewables, batteries, and EVs displacing incumbent technologies
• Emerging process requirements (green hydrogen, carbon capture) affecting industrial operations
• Digital infrastructure vulnerabilities to climate extremes

Market

• Shifting customer preferences toward low-carbon products
• Commodity price volatility driven by climate policy
• Supply chain disruptions from suppliers facing their own climate risks

Reputation

• Greenwashing allegations and activist campaigns
• ESG rating downgrades affecting capital access
• Employee recruitment and retention challenges

Step 4: Select Climate Scenarios

Scenario analysis is central to TCFD, ISSB, and CSRD. Use at least two scenarios representing different outcomes:

• Orderly transition (1.5°C or well-below 2°C): Aggressive policy action, rapid decarbonization. High transition risk, lower long-term physical risk. Reference: IEA Net Zero Emissions (NZE), NGFS Net Zero 2050.
• Disorderly transition (delayed action): Late, sudden policy shifts creating economic disruption. High transition and physical risk. Reference: NGFS Delayed Transition.
• Hot house world (3°C+): Limited policy action, severe physical impacts. Low near-term transition risk, extreme long-term physical risk. Reference: NGFS Current Policies, SSP5-8.5.

For physical risk projections, use IPCC Shared Socioeconomic Pathways. For transition risk, use Network for Greening the Financial System (NGFS) scenarios or IEA World Energy Outlook scenarios.

Step 5: Assess Risk Severity and Likelihood

For each identified risk under each scenario, evaluate:

• Likelihood: Probability of materialization (5-point scale or probability ranges)
• Financial impact: Revenue loss, increased costs, asset impairment, capital expenditure needs, insurance cost increases, litigation liability
• Time horizon: When could this risk materialize?
• Velocity: How quickly would the impact unfold?
• Adaptive capacity: Current ability to respond

Quantify where possible. For physical risks, estimate potential damage costs (property damage, business interruption, supply chain disruption). For transition risks, model the impact of different carbon price levels on operating costs and margins.

Step 6: Assess Climate-Related Opportunities

TCFD and ISSB require assessment of opportunities alongside risks:

• Resource efficiency gains from energy and water conservation
• Revenue from low-carbon products and services
• Access to new markets and climate-conscious customers
• Competitive advantage from early adaptation investments
• Favorable financing terms for companies with strong climate performance

Quantify opportunity value where feasible.

Step 7: Build a Climate Risk Register

Consolidate findings into a structured risk register documenting each risk's type, scenario, likelihood, impact magnitude, time horizon, and priority level. Prioritize using a heat map plotting likelihood against financial impact.

Present the top 10-15 risks to leadership with recommended response strategies:

• Avoid: Exit high-risk activities or locations
• Reduce: Invest in resilience measures and emissions reduction
• Transfer: Purchase insurance or hedge exposures
• Accept: Monitor and develop contingency plans

Step 8: Integrate into Enterprise Risk Management

Climate risk should not operate in isolation:

• Add climate risks to your corporate risk register alongside financial, operational, and strategic risks
• Include climate scenarios in financial planning and stress testing
• Brief the board risk committee on findings and response strategies
• Update risk appetite statements to include climate-specific thresholds
• Train risk management staff on climate risk methodology

Step 9: Disclose Results

Report your climate risk assessment through applicable frameworks:

• TCFD/ISSB disclosures (Strategy and Risk Management pillars)
• CSRD/ESRS E1 (climate-related risks, opportunities, and scenario analysis)
• CDP climate change questionnaire
• Annual report risk factor discussions

Frequently Asked Questions

Do we need external specialists for a climate risk assessment?

For a first assessment, external expertise adds significant value — particularly for physical risk modeling (which requires geospatial data and climate projection models) and financial quantification. Climate analytics firms provide location-level hazard data. After the initial assessment, many organizations build internal capability for ongoing updates.

How granular should physical risk analysis be?

Asset-level analysis is the gold standard — assessing each facility against location-specific hazard projections. At minimum, group facilities by geography and assess at the regional level. National-level averages mask significant local variation and aren't useful for decision-making.

What time horizons should we use?

TCFD and ISSB expect short (1-3 years), medium (3-10 years), and long-term (10-30+ years) assessments. Physical risks intensify over longer timeframes; transition risks may peak in the medium term under orderly transition scenarios. Define your horizons explicitly and apply them consistently across all risks.

How do we quantify financial impacts when uncertainty is high?

Use ranges rather than point estimates. Express impacts as scenarios: "Under a $75/tCO₂ carbon price, our annual operating costs increase by $2-4M." Sensitivity analysis showing how results change under different assumptions is more useful than false precision.

How often should we update the climate risk assessment?

Conduct a full reassessment every 2-3 years. Review and update annually to capture new climate data, regulatory changes, and business model shifts. Post-event reviews (after experiencing a climate-related disruption) should trigger targeted reassessments of affected risk areas.